Microsoft’s Office has an unpatched bug; can lead to data exposure, warns the Windows-maker  

Microsoft disclosed an unpatched zero-day in Office that could be used by threat actors to access sensitive information. The vulnerability in Office has been described as a spoofing flaw that makes use of social engineering to lure users to click on maliciously crafted links.

Attackers could host a website, or use compromised websites, to target users. Links to these maliciously crafted websites are then sent to the targeted users either through email or a message on the Messenger app. Users are lured into clicking on the link, which delivers a file on their systems specifically designed to exploit the vulnerability.

Microsoft is expected to release a formal patch for the vulnerability as soon as 13 August, in the meantime, the Windows-maker has enabled an alternative fix.

The disclosure comes even as Microsoft says it is working on addressing two zero-day flaws that could be exploited to “unpatch” up-to-date Windows systems, opening them up to attacks leveraging older vulnerabilities.

Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.
You might also like